Testing web application security means reading a hacker’s mind: knowing vulnerability trends, understanding how to build and test security from the inside out, and testing systematically from a hacker’s perspective. Web application security testing can become a long, drawn-out process that ends in only fuzzy confidence in your application. Fortunately, there are tools, such as Zed Attack Proxy (ZAP), Burp Suite, and Static Code Analyzer, to name a few, that you can deploy to get a head start on guiding your testing toward improved results. These tools can be configured for your environment and the goals you want to achieve.

This workshop focuses on the scanning tools ZAP and Burp Suite. Its main focus is on understanding ZAP's capabilities, configuring its environment, running ZAP, and interpreting the results. Participants will learn how to guide testing activities once the results from ZAP have been analyzed and a preliminary assessment of the vulnerabilities is established. The workshop discussion will also cover how to proxy through ZAP. A comparison between ZAP and Burp Suite will be presented to help you understand which tool best serves your environment and meets your objectives. A manual technique known as “Attack Surface Analysis” will also be discussed as a way to quantify an attack surface index, which can be easily adopted in agile development. The workshop will include highlights of the Veracode Static Code Analysis tool. Upon completion of this workshop, a participant will be able to use ZAP confidently and will be capable of deciding which tools best serve his/her security testing needs.

2019 Conference Location

World Trade Center
121 SW Salmon St.
Portland, OR 97204
